diff --git a/.gitignore b/.gitignore index 00d0f053e..dbb57a681 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # common build directory build +_codeql_build_dir *-build-* # Python cache diff --git a/_codeql_detected_source_root b/_codeql_detected_source_root new file mode 120000 index 000000000..945c9b46d --- /dev/null +++ b/_codeql_detected_source_root @@ -0,0 +1 @@ +. \ No newline at end of file diff --git a/include/ada/url_search_params-inl.h b/include/ada/url_search_params-inl.h index 256418dde..168bb04c9 100644 --- a/include/ada/url_search_params-inl.h +++ b/include/ada/url_search_params-inl.h @@ -134,7 +134,7 @@ inline std::string url_search_params::to_string() const { return out; } -inline std::string url_search_params::to_raw_string() const { +inline std::string url_search_params::to_unsafe_string() const { std::string out{}; for (const auto &[key, value] : params) { if (!out.empty()) { diff --git a/include/ada/url_search_params.h b/include/ada/url_search_params.h index 57318c694..93cc7f432 100644 --- a/include/ada/url_search_params.h +++ b/include/ada/url_search_params.h @@ -103,9 +103,10 @@ struct url_search_params { /** * Returns a serialized query string without normalizing the key-value pairs. * Unlike to_string(), this method does not apply additional transformations - * to the percent-encoded output. + * to the percent-encoded output. The result is not standard compliant and + * is therefore unsafe. */ - inline std::string to_raw_string() const; + inline std::string to_unsafe_string() const; /** * Returns a simple JS-style iterator over all of the keys in this diff --git a/include/ada_c.h b/include/ada_c.h index 6ac31387e..07709bdbb 100644 --- a/include/ada_c.h +++ b/include/ada_c.h 
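Review bot: The ignore list in this hunk gains `_codeql_build_dir` but not `_codeql_detected_source_root`, which the same commit checks in as a symlink (mode 120000) pointing at `.`. That looks like an analysis-tool artifact rather than project content. A self-referential link at the repository root can send tools that follow symlinks (archivers, scanners, packaging scripts) into recursive traversal. I would drop the symlink from the commit and add `_codeql_detected_source_root` on the line after `_codeql_build_dir`.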
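Review bot: The sentence added to the `to_unsafe_string()` doc comment in `include/ada/url_search_params.h` calls the result "unsafe" without saying what a caller must not do with it. The `with_ampersands` test in this commit shows a value of `&` serializing to `a=&&b=?&b=+`, so the output does not parse back to the same pairs. A key or value containing `&` or `=` can therefore introduce extra parameters if the string is reused as a query. I would state that in the comment, e.g. `Keys and values are emitted verbatim; do not use the result as a URL query or feed it to a parser, since '&' or '=' inside a key or value changes the parsed pairs.`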
@@ -130,7 +130,8 @@ void ada_free_search_params(ada_url_search_params result); size_t ada_search_params_size(ada_url_search_params result); void ada_search_params_sort(ada_url_search_params result); ada_owned_string ada_search_params_to_string(ada_url_search_params result); -ada_owned_string ada_search_params_to_raw_string(ada_url_search_params result); +ada_owned_string ada_search_params_to_unsafe_string( + ada_url_search_params result); void ada_search_params_append(ada_url_search_params result, const char* key, size_t key_length, const char* value, diff --git a/src/ada_c.cpp b/src/ada_c.cpp index 476ca9c02..94f3a822d 100644 --- a/src/ada_c.cpp +++ b/src/ada_c.cpp @@ -487,11 +487,12 @@ ada_owned_string ada_search_params_to_string(ada_url_search_params result) { return owned; } -ada_owned_string ada_search_params_to_raw_string(ada_url_search_params result) { +ada_owned_string ada_search_params_to_unsafe_string( + ada_url_search_params result) { ada::result& r = *(ada::result*)result; if (!r) return ada_owned_string{nullptr, 0}; - std::string out = r->to_raw_string(); + std::string out = r->to_unsafe_string(); ada_owned_string owned{}; owned.length = out.size(); owned.data = new char[owned.length]; diff --git a/tests/ada_c.cpp b/tests/ada_c.cpp index b5461bc10..d2fac4aab 100644 --- a/tests/ada_c.cpp +++ b/tests/ada_c.cpp @@ -357,7 +357,7 @@ TEST(ada_c, ada_url_search_params) { SUCCEED(); } -TEST(ada_c, ada_search_params_to_raw_string) { +TEST(ada_c, ada_search_params_to_unsafe_string) { std::string input("a=b c&d=e+f"); auto out = ada_parse_search_params(input.c_str(), input.length()); 
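Review bot: In `include/ada_c.h` the declaration of `ada_search_params_to_unsafe_string` replaces `ada_search_params_to_raw_string` outright, so any C caller or FFI binding built against the old name stops compiling or linking. Whether the old name ever shipped in a release is not visible from this hunk; if it did, a deprecated forwarding declaration kept for one release would soften the break. The new declaration also carries no comment, so the warning added to the C++ header never reaches users of the C API. I would add `/* Unencoded output: not a valid query string; do not re-parse it or embed it in a URL. */` above it.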
@@ -367,8 +367,8 @@ TEST(ada_c, ada_search_params_to_raw_string) { ASSERT_EQ(convert_string(str), "a=b+c&d=e+f"); ada_free_owned_string(str); - // to_raw_string outputs raw key/value without any encoding - ada_owned_string raw_str = ada_search_params_to_raw_string(out); + // to_unsafe_string outputs raw key/value without any encoding + ada_owned_string raw_str = ada_search_params_to_unsafe_string(out); ASSERT_EQ(convert_string(raw_str), "a=b c&d=e f"); ada_free_owned_string(raw_str); @@ -377,7 +377,7 @@ TEST(ada_c, ada_search_params_to_raw_string) { SUCCEED(); } -TEST(ada_c, ada_search_params_to_raw_string_remove) { +TEST(ada_c, ada_search_params_to_unsafe_string_remove) { std::string input("a=%20&b=remove&c=2"); auto params = ada_parse_search_params(input.c_str(), input.length()); @@ -389,8 +389,8 @@ TEST(ada_c, ada_search_params_to_raw_string_remove) { ASSERT_EQ(convert_string(str), "a=+&c=2"); ada_free_owned_string(str); - // to_raw_string outputs raw key/value without any encoding - ada_owned_string raw_str = ada_search_params_to_raw_string(params); + // to_unsafe_string outputs raw key/value without any encoding + ada_owned_string raw_str = ada_search_params_to_unsafe_string(params); ASSERT_EQ(convert_string(raw_str), "a= &c=2"); ada_free_owned_string(raw_str); diff --git a/tests/url_search_params.cpp b/tests/url_search_params.cpp index 09fd75328..8b7af75cd 100644 --- a/tests/url_search_params.cpp +++ b/tests/url_search_params.cpp 
@@ -449,47 +449,47 @@ TEST(url_search_params, sort_unicode_code_units_edge_case) { SUCCEED(); } -TEST(url_search_params, to_raw_string_no_normalization) { +TEST(url_search_params, to_unsafe_string_no_normalization) { auto params = ada::url_search_params(); params.append("a", "b c"); // to_string normalizes space to + ASSERT_EQ(params.to_string(), "a=b+c"); - // to_raw_string outputs raw key/value without any encoding - ASSERT_EQ(params.to_raw_string(), "a=b c"); + // to_unsafe_string outputs raw key/value without any encoding + ASSERT_EQ(params.to_unsafe_string(), "a=b c"); SUCCEED(); } -TEST(url_search_params, to_raw_string_with_special_chars) { +TEST(url_search_params, to_unsafe_string_with_special_chars) { auto params = ada::url_search_params(); params.append("key1", "value with spaces"); params.append("key2", "another value"); // to_string normalizes spaces to + ASSERT_EQ(params.to_string(), "key1=value+with+spaces&key2=another+value"); - // to_raw_string outputs raw key/value without any encoding - ASSERT_EQ(params.to_raw_string(), + // to_unsafe_string outputs raw key/value without any encoding + ASSERT_EQ(params.to_unsafe_string(), "key1=value with spaces&key2=another value"); SUCCEED(); } -TEST(url_search_params, to_raw_string_with_accents) { +TEST(url_search_params, to_unsafe_string_with_accents) { auto params = ada::url_search_params(); params.append("key1", "\u00E9t\u00E9"); params.append("key2", "C\u00E9line Dion++"); // to_string percent-encodes and normalizes spaces to + ASSERT_EQ(params.to_string(), "key1=%C3%A9t%C3%A9&key2=C%C3%A9line+Dion%2B%2B"); - // to_raw_string outputs raw key/value without any encoding - ASSERT_EQ(params.to_raw_string(), + // to_unsafe_string outputs raw key/value without any encoding + ASSERT_EQ(params.to_unsafe_string(), "key1=\u00E9t\u00E9&key2=C\u00E9line Dion++"); SUCCEED(); } -TEST(url_search_params, to_raw_string_empty_values) { +TEST(url_search_params, to_unsafe_string_empty_values) { auto params = 
ada::url_search_params(); params.append("a", ""); params.append("", "b"); params.append("", ""); - ASSERT_EQ(params.to_raw_string(), "a=&=b&="); + ASSERT_EQ(params.to_unsafe_string(), "a=&=b&="); ASSERT_EQ(params.to_string(), "a=&=b&="); SUCCEED(); } @@ -500,6 +500,6 @@ TEST(url_search_params, with_ampersands) { params.append("b", "?"); params.append("b", "+"); ASSERT_EQ(params.to_string(), "a=%26&b=%3F&b=%2B"); - ASSERT_EQ(params.to_raw_string(), "a=&&b=?&b=+"); + ASSERT_EQ(params.to_unsafe_string(), "a=&&b=?&b=+"); SUCCEED(); }